From 35c8899949cb7c1e3712b9c07e5b0c0a9a701269 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 1 Sep 2008 14:43:00 +1000
Subject: Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust.

Also check we get the defaults correct with a query in the torture
suite.

Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
---
 source4/rpc_server/lsa/dcesrv_lsa.c |  6 ++++++
 source4/torture/rpc/lsa.c           | 21 ++++++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)

(limited to 'source4')

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index f67b5dee10..923b1e400c 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -672,6 +672,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_cal
 	}
 
 	samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain");
+
+	samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", LSA_TRUST_TYPE_DOWNLEVEL);
+
+	samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", 0);
+
+	samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", LSA_TRUST_DIRECTION_OUTBOUND);
 	
 	trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn);
 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index ec74426ac6..edfc12f9f1 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2016,7 +2016,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
 		} else {
 		
 			q.in.trustdom_handle = &trustdom_handle[i];
-			q.in.level = LSA_TRUSTED_DOMAIN_INFO_NAME;
+			q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
 			status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
 			if (!NT_STATUS_IS_OK(status)) {
 				printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
@@ -2024,9 +2024,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
 			} else if (!q.out.info) {
 				ret = false;
 			} else {
-				if (strcmp(q.out.info->name.netbios_name.string, trustinfo.name.string) != 0) {
+				if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) {
 					printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
-					       q.out.info->name.netbios_name.string, trustinfo.name.string);
+					       q.out.info->info_ex.netbios_name.string, trustinfo.name.string);
+					ret = false;
+				}
+				if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) {
+					printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", 
+					       trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL);
+					ret = false;
+				}
+				if (q.out.info->info_ex.trust_attributes != 0) {
+					printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", 
+					       trust_name, q.out.info->info_ex.trust_attributes, 0);
+					ret = false;
+				}
+				if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) {
+					printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", 
+					       trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND);
 					ret = false;
 				}
 			}
-- 
cgit